EIP-2026-104035

PRE-CVE

Oracle ORADC - ActiveX Control Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104035. PoCs published by Umesh Wanve.

AI-analyzed exploit summary This HTML file exploits a remote code execution vulnerability in the Oracle ORADC ActiveX control by invoking the UpdateRecord method, which triggers arbitrary code execution in the context of the application using the control.

Description

Oracle ORADC - ActiveX Control Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Umesh Wanve · htmlremotemultiple

https://www.exploit-db.com/exploits/29449

View Code ZIP pw:eip

This HTML file exploits a remote code execution vulnerability in the Oracle ORADC ActiveX control by invoking the UpdateRecord method, which triggers arbitrary code execution in the context of the application using the control.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Oracle ORADC ActiveX control (oradc.ocx)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open the HTML file · Oracle ORADC ActiveX control must be installed and registered

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026